Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Microsoft IE navcancl.htm跨站脚本执行漏洞(MS07-033)
Vulnerability Description
Internet Explorer是微软发布的非常流行的WEB浏览器。 IE在处理页面导航的操作上存在漏洞,远程攻击者可能利用此漏洞实现跨站脚本执行。 如果由于某种原因取消了到特定页面的导航的话,IE 7浏览器会使用navcancl.htm本地资源,在取消导航时特定页面的URL在"#"符号后提供给了navcancl.htm,如res://ieframe.dll/navcancl.htm#http://www.site.com 。然后navcancl.htm页面会在"刷新页面"链接中生成脚本,以便在用户点击
CVSS Information
N/A
Vulnerability Type
N/A